| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed. |
| Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 has unknown impact and attack vectors, aka Oracle Vuln# AS01. |
| Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.4 has unknown impact and attack vectors, aka oracle Vuln# DB07. |
| HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP). |
| Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. NOTE: as of 20060719, Oracle has not disputed third party claims that DB06 is related to "SQL injection" using DBMS_EXPORT_EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET_DOMAIN_INDEX_METADATA, in which case DB06 might be CVE-2006-2081. |
| Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system. |
| Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired. |
| Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol. |
| BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file. |
| UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack. |
| Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name. |
| The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option. |
| CC Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry. |
| Whois Internic Lookup program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry. |
| The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file. |
| Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect." |
| Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request. |
| The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed. |
| htdig allows remote attackers to execute commands via filenames with shell metacharacters. |
| Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request. |
